Using AddressSanitizer with Xcode 4.6.1

AddressSanitizer is a fast memory error detector. It consists of a compiler instrumentation module and a run-time library. The tool can detect the following types of bugs:

Out-of-bounds accesses to heap, stack and globals

Use-after-free

Use-after-return (to some extent)

Double-free, invalid free

Typical slowdown introduced by AddressSanitizer is 2x.

Using AddressSanitizer by manually compiling a file is well documented. On the other hand using Xcode 4.6.1 to build a complex project with AddressSanitizer enabled is not so easy. Following are the steps to build an Xcode project with AddressSanitizer.

Note that I used Xcode 4.6.1 when writing this article. Xcode 4.6.1 contains a Clang build based on LLVM 3.2. Most likely a future Xcode build will contain a Clang build based on LLVM 3.3 which would simplify the use of AddressSanitizer in Xcode.

1- Building Clang 3.3

Since Xcode 4.6.1 contains an old build of Clang, we need to get and build Clang trunk. This is fairly easy. Here is what I did:

2- Tell Xcode 4.6.1 to use Clang 3.3 we just compiled

The simplest solution I found is to add the following user define in the Xcode target:

CC = "PATH_TO/llvm/build/Debug+Asserts/bin/clang";

You need to set PATH_TO to the folder where you compiled llvm.

3- Make sure the deployment target is set to 10.7 or higher

I used the deployment target set to 10.7.

4- Add the C flag and linker flag -fsanitize=address

Add the C flag -fsanitize=address

Add the linker flag -fsanitize=address

5- Compile your project

Congratulations! You now have a build of your project with AddressSanitizer enabled.

6- Running the application

Xcode 4.6.1 fails to run this executable but you can run it from the Terminal and AddressSanitizer will detect possible memory errors.

If your application has a memory error, you will see an error message like:

7- Symbolize the symbols

Currently AddressSanitizer does not symbolize its output.

You will need to manually symbolize the addresses. This can easily be done with atos (see man atos) and the dSYM file produced during the compilation (you might need to turn on “DWARF with dSYM File” in the Xcode target).

For example to symbolize the symbol 0x100001d86 in the AddressSanitizer message: